bfbb7000d532de2b696c26ae6867012b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfbb7000d532de2b696c26ae6867012b_JaffaCakes118
Size

61KB
MD5

bfbb7000d532de2b696c26ae6867012b
SHA1

45c102eb3619de391f9112b818bf22d9b2eb186b
SHA256

5f59f7002c8851a118810c91d6845a82085371a91ebf6adb15393b41f1dd4bc7
SHA512

4b3634b9b48e4b74722b097b4ead359282a4577a0e945f38e144100d9b2dbc500854502cbfa4eae621614fd74cd2ee1e140b3cd7c2c389d75894d1ef7bb994ed
SSDEEP

768:fp6qRf12BF4wFaBeSoPUaPDV54FKnHu+U7hdFYqiOeiY15Jl:Rz12BGwEBeS7aPgFKnH1U7hrgjh5Jl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfbb7000d532de2b696c26ae6867012b_JaffaCakes118

Files

bfbb7000d532de2b696c26ae6867012b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fb380327542695dea3935357a56753d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemTime
GetVersion
HeapAlloc
LocalAlloc
OpenFile
OpenFileMappingA
ReadFile
RtlUnwind
SetLastError
lstrcmpA
lstrcmpiA
lstrcpyA

user32

LoadAcceleratorsW
IsCharLowerA
GetFocus
EmptyClipboard
DispatchMessageA
CharNextA
EqualRect
CharUpperBuffA
DestroyCaret

ole32

OleInitialize
CoUninitialize
CoTaskMemFree
StgCreateDocfileOnILockBytes
CoInitialize
ReleaseStgMedium
OleUninitialize
GetConvertStg
GetRunningObjectTable
CoCreateInstance
CoGetClassObject

wintrust

WinVerifyTrust
CryptCATCDFOpen
CryptCATClose

setupapi

SetupFindNextMatchLineA
SetupFreeSourceListA
SetupGetInfFileListA

Sections

.text
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ